b'\x0c\x0c                                       A MESSAGE FROM THE\n                                        INSPECTOR GENERAL\nI am pleased to present this Semiannual Report to Congress on the\nactivities and accomplishments of the Nuclear Regulatory Commission\n(NRC) Office of the Inspector General (OIG) from April 1, 2008, to\nSeptember 30, 2008.\n\nOur work reflects the legislative mandate of the Inspector General Act,\nwhich is to identify and prevent fraud, waste, and abuse through the conduct\nof audits and investigations relating to NRC programs and operations.\nThe audits and investigations highlighted in this report demonstrate our\ncommitment to ensuring integrity and efficiency in NRC\xe2\x80\x99s programs and\noperations.\n\nDuring this semiannual reporting period, we issued 11 program audit reports and analyzed\n2 contract audit reports. As a result of this work, OIG made a number of recommendations to improve\nthe effective and efficient operation of NRC\xe2\x80\x99s safety, security, and corporate management programs.\nOIG also opened 17 investigations, and completed 31 cases. Eight of the open cases were referred\nto the Department of Justice, and 25 allegations were referred to NRC management for action.\n\nMy office is dedicated to maintaining the highest possible standards of professionalism and quality\nin its audits and investigations. I would like to acknowledge our auditors, investigators, and support\nstaff for their superior work and commitment to the mission of our office.\n\nFinally, the success of the NRC OIG would not be possible without the collaborative work between\nmy staff and agency managers to address OIG findings and implement the recommendations made\nby my office. I wish to thank them for their dedication and support, and I look forward to their\ncontinued cooperation as we work together to ensure the integrity of agency operations.\n\n\n\n\nHubert T. Bell\nInspector General\n\n\n\n\n                                                                                                    i\n                                                                     April 1, 2008 \xe2\x80\x93 September 30, 2008\n\x0cii                          Reactor Refueling Operation\n\nNRC OIG Semiannual Report\n\x0c                                                                                                CONTENTS\nHighlights ...................................................................................................................v\nOIG Organization and Activities . ..........................................................................1\n\t     NRC\xe2\x80\x99s Mission .....................................................................................................1\n\t     OIG Mission and Strategies ...............................................................................2\n\t\t          Inspector General History ...........................................................................2\n\t\t          OIG Mission ..................................................................................................2\n\t\t          Audit Program ...............................................................................................3\n\t\t          Investigative Program ...................................................................................4\n\t     OIG General Counsel Activities . ......................................................................5\n\t\t          Regulatory Review ........................................................................................5\n\t     Other Activities.....................................................................................................7\n\t\t          Support of the IG Community in Training Presentation..........................7\n\t\t          OIG Senior Official Retires...........................................................................9\nAudits .......................................................................................................................10\n\t     Audit Summaries . .............................................................................................10\n\t     Audits In Progress .............................................................................................22\nInvestigations ...........................................................................................................26\n\t     Investigative Case Summaries .........................................................................26\nStatistical Summary of OIG Accomplishments .................................................33\n\t     Investigative Statistics .......................................................................................33\n\t     Audit Listings . ...................................................................................................35\n\t     Audit Resolution Activities ..............................................................................37\nAbbreviations and Acronyms . ..............................................................................40\nReporting Requirements ........................................................................................41\n\n\n\n\n                                                                                                                                   iii\n                                                                                             April 1, 2008 \xe2\x80\x93 September 30, 2008\n\x0civ                          Limerick Generating Station, near Philadelphia, PA\nNRC OIG Semiannual Report\n\x0c                                                                    HIGHLIGHTS\nThe following two sections highlight selected audits and investigations completed\nduring this reporting period. More detailed summaries appear in subsequent\nsections of this report.\n\nAUDITS\n\xe2\x80\xa2\t NRC receives Freedom Support Act funds from the U.S. Agency for Inter-\n   national Development (USAID) to support provisions of nuclear regulatory\n   safety and security assistance to the regulatory authorities of Armenia, Georgia,\n   Kazakhstan, Russia, and Ukraine.  These funds support activities that include\n   strengthening regulatory oversight of the startup, operation, shutdown, and\n   decommissioning of Soviet-designed nuclear power plants; the safe and secure\n   use of radioactive materials; and accounting for and protection of nuclear\n   materials. The audit objectives were to determine the adequacy of manage-\n   ment controls over the use of USAID funds and if corrective actions from a\n   previous audit were implemented.\n\xe2\x80\xa2\t NRC\xe2\x80\x99s policy is to provide training that improves employees\xe2\x80\x99 organizational\n   performance in achieving the agency\xe2\x80\x99s mission and goals. The Office of Human\n   Resources is responsible for planning and implementing agencywide training\n   and develops policies and programs designed to establish, maintain, and\n   enhance regulatory, technical, professional, and leadership skills. The objective\n   of this evaluation was to determine the effectiveness of the agency\xe2\x80\x99s training\n   and development program to meet current and future needs.\n\xe2\x80\xa2\t NRC\xe2\x80\x99s enforcement jurisdiction is drawn from the Atomic Energy Act of\n   1954, as amended, and the Energy Reorganization Act of 1974, as amended.\n   In recognition that violations occur in a variety of activities and have varying\n   levels of significance, the Commission set out to create an enforcement frame-\n   work with graduated sanctions to reflect this diversity. Violations are identi-\n   fied through inspections and investigations. All violations are subject to civil\n   enforcement action and may also be subject to criminal prosecution. The\n   objectives of this audit were to determine how NRC assesses the significance\n   of violations and the level of enforcement action to be taken.\n\xe2\x80\xa2\t The Federal Information Security Management Act outlines information\n   security management requirements for agencies, including the requirement\n   for an annual review and annual independent assessment by agency inspec-\n   tors general. The annual assessments provide agencies with the information\n\n                                                                                                    v\n                                                                      April 1, 2008 \xe2\x80\x93 September 30, 2008\n\x0c                          needed to determine the effectiveness of overall security programs and to\n                          develop strategies and best practices for improving information security.\n                   \xe2\x80\xa2\t Laptops used at NRC are either (1) connected to the NRC local area network\n                      (LAN) or (2) used as standalone systems. Some of the laptops are used to\n                      process safeguards and/or classified information. These are considered \xe2\x80\x9clisted\n                      systems.\xe2\x80\x9d Laptops connected to the NRC LAN are protected by the LAN\xe2\x80\x99s\n                      security controls. The audit objectives were to evaluate the effectiveness of\n                      NRC\xe2\x80\x99s security policies for laptop computers.\n\n                   INVESTIGATIONS\n                   \xe2\x80\xa2\t OIG completed an investigation into claims by an NRC applicant who had\n                      submitted a request for a design certification for a new boiling water reactor.\n                      The applicant alleged that during an NRC audit of the applicant\xe2\x80\x99s software\n                      quality assurance program, an NRC audit contractor attempted to solicit work\n                      from the applicant.\n                   \xe2\x80\xa2\t OIG completed two separate investigations involving NRC material licensees\n                      that falsely certified themselves as small business entities to receive reduced\n                      material license fees.\n                   \xe2\x80\xa2\t OIG completed an investigation into concerns raised regarding the extent of\n                      the NRC staff review of license renewal applications. These concerns were\n                      raised by an OIG audit report1 issued in September 2007. The OIG audit\n                      report identified cases where review documents prepared by NRC contained\n                      nearly word-for-word repetition of renewal application text without attribu-\n                      tion to the applicant.\n                   \xe2\x80\xa2\t OIG completed an Event Inquiry in response to concerns that NRC staff\n                      mishandled a security related allegation pertaining to inattentive security\n                      officers at Peach Bottom Atomic Power Station.\n                   \xe2\x80\xa2\t OIG conducted an investigation into concerns that NRC staff may have assisted\n                      or redirected a composite adversary force during a force-on-force security\n                      training exercise at Sequoyah Nuclear Power Plant in a manner that affected\n                      the outcome of the exercise.\n\n\n\n\nvi\n                   1\n                       Audit of NRC\xe2\x80\x99s License Renewal Program, OIG-07-A-15, September 6, 2007\n\n\n\nNRC OIG Semiannual Report\n\x0c   OIG ORGANIZATION AND ACTIVITIES\nNRC\xe2\x80\x99S MISSION\nNRC was formed in 1975, in accordance with the Energy Reorganization Act\nof 1974, to regulate the various commercial and institutional uses of nuclear\nmaterials. The agency succeeded the Atomic Energy\nCommission, which previously had responsibility for\nboth developing and regulating nuclear activities.\n\nNRC\xe2\x80\x99s mission is to regulate the Nation\xe2\x80\x99s civilian use of\nbyproduct, source, and special nuclear materials to\nensure adequate protection of public health and safety,\npromote the common defense and security, and protect\nthe environment. NRC\xe2\x80\x99s regulatory mission covers\nthree main areas:\n\n\xe2\x80\xa2\t Reactors - Commercial reactors that generate\n   electric power and research and test reactors used for research, testing, and\n   training.\n\n\xe2\x80\xa2\t Materials - Uses of nuclear materials in medical, industrial, and academic\n   settings and facilities that produce nuclear fuel.\n\n\xe2\x80\xa2\t Waste - Transportation, storage, and disposal of nuclear materials and waste,\n   and decommissioning of nuclear facilities from service.\n\nUnder its responsibility to protect public health and safety, NRC has three principal\nregulatory functions: (1) establish standards and regulations, (2) issue licenses\nfor nuclear facilities and users of nuclear materials, and (3) inspect facilities and\nusers of nuclear materials to ensure compliance with the requirements. These\nregulatory functions relate both to nuclear power plants and other uses of nuclear\nmaterials \xe2\x80\x93 like nuclear medicine programs at hospitals, academic activities at\neducational institutions, research, and such industrial applications as gauges and\ntesting equipment.\n\nThe NRC maintains a current Web site and a public document room in Rockville,\nMaryland (NRC headquarters), and holds public hearings, public meetings in local\nareas and at NRC offices, and discussions with individuals and organizations.\n\n                                                                                                    1\n                                                                       April 1, 2008 \xe2\x80\x93 September 30, 2008\n\x0c                   OIG MISSION AND STRATEGIES\n                   Inspector General History\n\n                   In the 1970s, Government scandals, oil shortages, and stories of corruption covered\n                   by newspapers, television, and radio stations took a toll on the American public\xe2\x80\x99s\n                   faith in its Government.  The U.S. Congress knew it had to take action to restore\n                   the public\xe2\x80\x99s trust. It had to increase oversight of Federal programs and opera-\n                   tions. It had to create a mechanism to evaluate the effectiveness of Government\n                   programs. And, it had to provide an independent voice for economy, efficiency,\n                   and effectiveness within the Federal Government that would earn and maintain\n                   the trust of the American people.\n\n                   In response, President Jimmy Carter in 1978 signed into law the landmark\n                   legislation known as the Inspector General Act (IG Act). The IG Act created\n                   independent Inspectors General (IG), who would protect the integrity of Govern-\n                   ment; improve program efficiency and effectiveness; prevent and detect fraud,\n                   waste, and abuse in Federal agencies; and keep agency heads, Congress, and the\n                   American people fully and currently informed of the findings of IG work.\n\n                   Today, the IG concept is a proven success. The IGs continue to deliver significant\n                   benefits to our Nation. Thanks to IG audits and inspections, billions of dollars\n                   have been returned to the Federal Government or have been better spent based\n                   on recommendations identified through those audits and inspections. IG inves-\n                   tigations have also contributed to the prosecution of thousands of wrongdoers.\n                   In addition, the IG concept of good governance, accountability, and monetary\n                   recoveries encourages foreign governments to seek our advice, with the goal of\n                   replicating the basic IG principles in their own governments.\n\n                   OIG Mission\n\n                   NRC\xe2\x80\x99s OIG was established as a statutory entity on April 15, 1989, in accordance\n                   with the 1988 amendment to the IG Act. NRC OIG\xe2\x80\x99s mission is to (1) indepen-\n                   dently and objectively conduct and supervise audits and investigations relating\n                   to NRC programs and operations; (2) prevent and detect fraud, waste, and abuse;\n                   and (3) promote economy, efficiency, and effectiveness in NRC programs and\n                   operations.\n\n\n2\nNRC OIG Semiannual Report\n\x0cOIG is committed to ensuring the integrity of NRC programs and operations.\nDeveloping an effective planning strategy is a critical aspect of accomplishing\nthis commitment. Such planning ensures that audit and investigative resources\nare used effectively. To that end, OIG developed a Strategic Plan that includes\nthe major challenges and critical risk areas facing NRC.\n\nThe plan identifies the priorities of OIG and establishes a shared set of expecta-\ntions regarding the goals OIG expects to achieve and the strategies that will be\nemployed to do so. OIG\xe2\x80\x99s Strategic Plan features three goals which generally align\nwith NRC\xe2\x80\x99s mission and goals:\n\n1.\t Strengthen NRC\xe2\x80\x99s efforts to protect public health and safety and the\n    environment.\n\n2.\t Enhance NRC\xe2\x80\x99s efforts to increase security in response to an evolving threat\n    environment.\n\n3.\t Increase the economy, efficiency, and effectiveness with which NRC manages\n    and exercises stewardship over its resources.\n\nAudit Program\n\nThe OIG Audit Program covers the management and financial operations; economy\nor efficiency with which an organization, program, or function is managed; and\nprogram results achieved. For this program, auditors assess the degree to which\nan organization complies with laws, regulations, and internal policies in carrying\nout programs, and they test program effectiveness as well as the accuracy and\nreliability of financial statements. The overall objective of an audit is to identify\nways to enhance agency operations and promote greater economy and efficiency.\nAudits comprise four phases:\n\n\xe2\x80\xa2\t Survey phase - An initial phase of the audit process is used to gather informa-\n   tion, without detailed verification, on the agency\xe2\x80\x99s organization, programs,\n   activities, and functions. An assessment of vulnerable areas determines whether\n   further review is needed.\n\n\xe2\x80\xa2\t Verification phase - Detailed information is obtained to verify findings and\n   support conclusions and recommendations.\n\n                                                                                                    3\n                                                                       April 1, 2008 \xe2\x80\x93 September 30, 2008\n\x0c                   \xe2\x80\xa2\t Reporting phase - The auditors present the information, findings, conclusions,\n                      and recommendations that are supported by the evidence gathered during the\n                      survey and verification phases.  Exit conferences are held with management\n                      officials to obtain their views on issues in the draft audit report. Comments\n                      from the exit conferences are presented in the published audit report, as\n                      appropriate. Formal written comments are included in their entirety as an\n                      appendix in the published audit report.\n\n                   \xe2\x80\xa2\t Resolution phase - Positive change results from the resolution process in\n                      which management takes action to improve operations based on the recom-\n                      mendations in the published audit report. Management actions are monitored\n                      until final action is taken on all recommendations. When management and\n                      OIG cannot agree on the actions needed to correct a problem identified in\n                      an audit report, the issue can be taken to the Chairman for resolution.\n\n                   Each September, OIG issues an Annual Plan that summarizes the audits planned\n                   for the coming Fiscal Year (FY).  Unanticipated high priority issues may arise that\n                   generate audits not listed in the Annual Plan. OIG audit staff continually monitor\n                   specific issues areas to strengthen OIG\xe2\x80\x99s internal coordination and overall planning\n                   process.  Under the OIG Issue Area Monitor (IAM) program, staff designated as\n                   IAMs are assigned responsibility for keeping abreast of major agency programs\n                   and activities. The broad IAM areas address nuclear reactors, nuclear materials,\n                   nuclear waste, international programs, security, information management, and\n                   financial management and administrative programs.\n\n                   Investigative Program\n\n                   OIG\xe2\x80\x99s responsibility for detecting and preventing fraud, waste, and abuse within\n                   NRC includes investigating possible violations of criminal statutes relating to NRC\n                   programs and activities, investigating misconduct by NRC employees, interfacing\n                   with the Department of Justice on OIG-related criminal matters, and coordinating\n                   investigations and other OIG initiatives with Federal, State, and local investigative\n                   agencies and other OIGs. Investigations may be initiated as a result of allegations\n                   or referrals from private citizens; licensee employees; NRC employees; Congress;\n                   other Federal, State, and local law enforcement agencies; OIG audits; the OIG\n                   Hotline; and IG initiatives directed at areas bearing a high potential for fraud,\n                   waste, and abuse.\n\n\n4\nNRC OIG Semiannual Report\n\x0cBecause NRC\xe2\x80\x99s mission is to protect the health and safety of the public, one of the\nInvestigation unit\xe2\x80\x99s main focus and use of resources is investigations of alleged\nconduct by NRC staff that could adversely impact the agency\xe2\x80\x99s handling of matters\nrelated to health and safety. These investigations may include allegations of:\n\n\xe2\x80\xa2\t Misconduct by high ranking NRC officials and other NRC officials, such as\n   managers and inspectors, whose positions directly impact public health and\n   safety.\n\n\xe2\x80\xa2\t Failure by NRC management to ensure that health and safety matters are\n   appropriately addressed.\n\n\xe2\x80\xa2\t Failure by NRC to appropriately transact nuclear regulation publicly and\n   candidly and to openly seek and consider the public\xe2\x80\x99s input during the regu-\n   latory process.\n\n\xe2\x80\xa2\t Conflict of interest by NRC employees with NRC contractors and licensees\n   involving such matters as promises of future employment for favorable or\n   inappropriate treatment and the acceptance of gratuities.\n\n\xe2\x80\xa2\t Fraud in the NRC procurement program involving contractors violating\n   Government contracting laws and rules.\n\nOIG has also implemented a series of proactive initiatives designed to identify\nspecific high-risk areas that are most vulnerable to fraud, waste, and abuse. A\nprimary focus is electronic-related fraud in the business environment. OIG is\ncommitted to improving the security of this constantly changing electronic busi-\nness environment by investigating unauthorized intrusions and computer-related\nfraud, and by conducting computer forensic examinations.  Other proactive initia-\ntives focus on determining instances of procurement fraud, theft of property,\nGovernment credit card abuse, and fraud in Federal programs.\n\nOIG GENERAL COUNSEL ACTIVITIES\nRegulatory Review\n\nPursuant to the Inspector General Act, 5 U.S.C. App. 3, Section 4(a)(2), OIG\nreviews existing and proposed legislation, regulations, policy, and implementing\n\n\n                                                                                                   5\n                                                                      April 1, 2008 \xe2\x80\x93 September 30, 2008\n\x0c                   Management Directives (MD), and makes recommendations to the agency\n                   concerning their impact on the economy and efficiency of agency programs and\n                   operations.\n\n                   It is important to emphasize that OIG comments in regulatory review are an objec-\n                   tive analysis of the language of proposed agency statutes, directives, regulations,\n                   and policies to identify vulnerabilities potentially resulting from these agency\n                   documents. Regulatory review is intended to provide assistance and guidance\n                   to the agency prior to the concurrence process to avoid formal implementation\n                   of potentially flawed documents. OIG does not concur or object to the agency\n                   actions reflected in the regulatory documents, but rather offers comments and\n                   requests responsive action within specified time frames.\n\n                   From April 1, 2008, through September 30, 2008, OIG reviewed more than 265\n                   agency documents, including approximately 150 Commission papers (SECYs)\n                   and Staff Requirements Memoranda and 115 Federal Register Notices, regulatory\n                   actions, and statutes.\n\n                   To effectively track the agency\xe2\x80\x99s response to regulatory review comments, OIG\n                   requests written replies to its comments within 90 days, with either a substantive\n                   reply or status of issues raised.\n\n                   During this reporting period, the following significant comment was provided\n                   to the agency and is summarized below.\n\n                        Draft Management Directive and Handbook 6.4, Generic Issues Program,\n                        was initiated to implement changes to that program incorporating prin-\n                        ciples reflected in SECY-07-0022, Status Report on Proposed Improvements\n                        to the Generic Issues Program. The changes focused on ensuring timeliness\n                        of issue resolution, clarifying roles and responsibilities, increasing stake-\n                        holder participation, and establishing clear interfaces between the Generic\n                        Issues Program (GIP) and other program office processes and activities, and\n                        assuring that only issues that cannot be handled by other regulatory offices\n                        and programs are addressed under the GIP. OIG found that the directive\n                        and handbook adequately addressed the major issues related to this topic.\n                        The areas identified for additional clarification included further definitions\n                        and direction as to whether generic issues may be submitted confidentially.\n                        OIG provided additional guidance regarding the adequacy of the metrics\n\n6\nNRC OIG Semiannual Report\n\x0c     or procedures to be employed for monitoring the ultimate resolution of\n     underlying generic issues to avoid recurrence of the issues after regulatory\n     action has been taken.\n\nIn addition, two draft directives, MD 7.1 and MD 7.2, reviewed during this period\nwere issued by the agency General Counsel to comply with the Comprehensive\nFive Year Plan to Update References, clarify certain legal standards and procedures\nwithin them, and reformat the documents in accordance with agency standard-\nized templates.\n\n     MD 7.1, Tort Claims Against the United States, is intended to establish agency\n     procedures for acting on tort claims filed against the United States under the\n     Federal Tort Claims Act. These generally include suits for damage or losses\n     caused by the negligent or wrongful act or omission of any NRC employee\n     while acting within the scope of his/her office or employment. The updated\n     draft document provided comprehensive direction on the major issues related\n     to this topic. The OIG comments suggested inclusion of guidance related to\n     referral to the Inspector General in cases where IG investigation would be\n     appropriate and addition of the IG Act as a reference in the document.\n\n     MD 7.2, Claims for Personal Property Loss or Damage, is a guide intended to\n     establish procedures to cover the settlement and payment of claims for loss\n     or damage to personal property of employees incident to their services with\n     NRC, under specified statutes. OIG suggested inclusion of OIG jurisdiction\n     and the IG Act as a reference within the document, and information on the\n     referral of claims to the appropriate prosecuting authority. OIG\xe2\x80\x99s comments\n     added more specific direction regarding authority to make determinations\n     of fraud and consequences of fraudulent claims.\n\nFinally, the agency provided responsive comments to an earlier issued comment\nand followed up with formal discussions on one commentary.\n\nOTHER ACTIVITIES\nSupport of the IG Community in Training and Presentations\n\nThe Attorney General guidelines for statutory law enforcement authority for IG\ncommunity 1811 special agents require periodic training on specified legal issues.\n\n                                                                                                   7\nThe Inspector General Academy, part of the Federal Law Enforcement Training\n\n\n                                                                      April 1, 2008 \xe2\x80\x93 September 30, 2008\n\x0c                   Center (FLETC), was tasked with formulating the syllabus for the training and\n                   identification of appropriate teaching staff. The NRC OIG General Counsel,\n                   Maryann Grodin, participated in a taskforce of attorneys from several IG offices\n                   that constructed a model 3-hour course and participated in training a cadre of\n                   attorney-trainers. The pilot class was completed successfully and this module is\n                   scheduled to be included in future refresher training for all IG agents.\n\n                   The Council of Counsels to Inspectors General sponsors annual training for law\n                   students working as summer interns in IG offices in the Washington, DC, area.\n                   Ms. Grodin provided the 1-hour presentation on the History and Concept of the\n                   Inspector General for this year\xe2\x80\x99s interns.\n\n                   Issues related to privacy in IG investigations were part of a 2-day program, the\n                   Federal Law Enforcement Legal Advisors Conference, sponsored by the Drug\n                   Enforcement Administration, the Federal Bureau of Investigation, and FLETC.\n                   Ms. Grodin served on a panel, along with Richard Reback, IG Counsel for the\n                   Department of Homeland Security, and Cedric Campbell, Assistant Counsel for\n                   the National Aeronautics and Space Administration IG. Ms. Grodin\xe2\x80\x99s presentation\n                   focused on statutes requiring and prohibiting disclosure of investigative informa-\n                   tion and discussed case law that illustrated the results of failure to comply with\n                   statutory and regulatory privacy requirements.\n\n                   In addition, Ms. Grodin was invited to serve as a guest speaker for the annual\n                   Space and Warfare Command Inspector General Conference. During that 3-day\n                   meeting, she provided a presentation to more than 70 IG investigators, auditors,\n                   and attorneys from a variety of field offices and with varying experience levels.  \n                   Her presentation covered three major areas, the IG concept and structure, privacy\n                   issues, and witness interview concerns. During her lecture, Ms. Grodin related\n                   both the statutory and regulatory authority and standards applicable to each of\n                   the topics, and illustrated each discussion area with examples from practice and\n                   evolving case law.\n\n\n\n\n8\nNRC OIG Semiannual Report\n\x0cOIG Senior Official Retires\n\nGeorge A. Mulley, Jr., Senior Level Assistant for Inves-\ntigative Operations, retired from the NRC OIG after\nnearly 26 years with the office. Mr. Mulley was a vital\nasset to both the OIG and NRC from October 18, 1982,\nwhen he joined the NRC\xe2\x80\x99s Office of the Inspector and\nAuditor, the predecessor office to the OIG, until his\nretirement from OIG on August 30, 2008. During this\ntime, Mr. Mulley held a series of leadership positions,\ndemonstrating rigorous and steadfast commitment to\nNRC\xe2\x80\x99s public safety mission by conducting or overseeing\ninvestigations and issuing reports identifying significant\nissues concerning NRC\xe2\x80\x99s regulatory oversight of the\nNation\xe2\x80\x99s nuclear industry.                                   George A. Mulley, Jr.\n\nDuring his tenure, Mr. Mulley maintained the high regard of senior NRC managers\nfor his understanding of technical and regulatory issues, and established an excel-\nlent rapport with the nuclear industry, intervener groups, and Congressional\nstaff members.\n\nHis commitment to excellence, tireless efforts, and dedication to duty will\nbe missed.\n\n\n\n\n                                                                                                    9\n                                                                       April 1, 2008 \xe2\x80\x93 September 30, 2008\n\x0cAUDITS\n                   To help the agency improve its effectiveness and efficiency during this period, OIG\n                   completed 11 financial and performance audits or evaluations, 7 of which are\n                   summarized here, that resulted in numerous recommendations to NRC manage-\n                   ment. OIG also analyzed 2 contract audit reports.\n\n                   AUDIT SUMMARIES\n                   Audit of NRC\xe2\x80\x99s USAID-Funded Activities\n\n                   OIG Strategic Goal: Corporate Management\n\n                  NRC receives Freedom Support Act (FSA) funds from the USAID to support\n                   provisions of nuclear regulatory safety and security assistance to the regulatory\n                   authorities of Armenia, Georgia, Kazakhstan, Russia, and Ukraine.  These funds\n                  support activities that include strengthening regulatory oversight of the startup,\n                                                                  operation, shutdown, and decom-\n                                                                  missioning of Soviet-designed\n                                                                  nuclear power plants; the safe and\n                RUSSIA\n                                                                  secure use of radioactive materials;\n    UKRAINE\n                                    KAZAKHSTAN\n                                                                  and accounting for and protection\n                                                                  of nuclear materials.\n\n                                 UZBEKISTAN\n                                                                      The Office of International\n           GEORGIA                              KYRGYZSTAN            Programs has responsibility for\n             ARMENIA     AZERBAIJAN\n         TURKEY                    TURKMENISTAN  TAJIKISTAN\n                                                                CHINA NRC\xe2\x80\x99s use of FSA funds. This\n                                                                      responsibility includes coordina-\n              SYRIA\n                                            AFGHANISTAN               tion within NRC, with other U.S.\n                                 IRAN\n                    IRAQ                                    INDIA\n                                                     PAKISTAN\n                                                                      Government agencies involved\n                                                                      with assistance activities, and\nMap highlights former Soviet Union countries that receive             with other international donors.\nFSA funds from NRC.                                                   For FY 1992 through FY 2007,\n                                                                      USAID provided NRC approxi-\n                   mately $53,315,000 in FSA funding for assistance programs to improve near-term\n                   safety of Soviet designed reactors and enhance regulatory oversight of radioactive\n                   sources in Armenia, Georgia, Kazakhstan, Russia, and Ukraine.  The audit objectives\n                   were to determine the adequacy of management controls over the use of USAID\n                   funds and if corrective actions from a previous audit were implemented.\n\n\n10\nNRC OIG Semiannual Report\n\x0cAudit Results:\n\nWhile the Memoranda of Agreement between USAID and NRC specify the dollar\namounts allocated to each of five Former Soviet Union countries, the methodology\nused by NRC to pay individual contract invoices resulted in a miscategoriza-\ntion of approximately $154,000 of FSA funds on the agency\xe2\x80\x99s official accounting\nrecords for the audit period. This condition is the result of inadequate contract\nprovisions, noncompliance with agency\npolicy, and undocumented and incorrect                   FSA SUPPORT TO NRC\noffice procedures.  Unless corrected, this   FISCAL YEARS 1992 THROUGH 2007 FUNDS\n                                                            (Dollars in Thousands)\npayment practice could result in NRC\noverspending the FSA amounts allocated                                     Armenia,\nby USAID to specific countries.                                             $6,965\n                                                  Ukraine,\n                                                  $21,583                              Georgia, $220\nU.S. Government Accountability Office\nand agency policies require that manage-                                                       Kazakhstan,\n                                                                                                 $7,020\nment provide timely review and approval\nof transactions. However, NRC did not\nprocess Department of Energy labora-\ntory agreement transactions within the                                    Russia,\nrequired timeframe because the agency                                     $17,527\nis not following existing policy and lacks\nquality controls involving supervisory review. Without adherence to agency policy\nand quality controls regarding transaction processing, the potential for improper\npayments is increased. (Addresses Management Challenge #7)\n\nEvaluation of NRC\xe2\x80\x99s Training and Development Program\n\nOIG Strategic Goal: Corporate Management\n\nNRC\xe2\x80\x99s policy is to provide training that improves employees\xe2\x80\x99 organizational\nperformance in achieving the agency\xe2\x80\x99s mission and goals. The Office of Human\nResources (HR) is responsible for planning and implementing agencywide training\nand develops policies and programs designed to establish, maintain, and enhance\nregulatory, technical, professional, and leadership skills. Formal in-house training\nprovided by HR includes all training developed and sponsored by the Professional\nDevelopment Center in Bethesda, Maryland, and the Technical Training Center\nin Chattanooga, Tennessee.  In addition, NRC uses external training programs\nto augment the training provided in-house.\n                                                                                                  11\n                                                                       April 1, 2008 \xe2\x80\x93 September 30, 2008\n\x0c                   The training program is challenged by a planned significant increase in staff. By\n                   2009, the agency expects to increase the number of staff by 600.\n\n                   The objective of this evaluation was to determine the effectiveness of the agency\xe2\x80\x99s\n                   training and development program to meet current and future needs.\n\n                   Evaluation Results:\n\n                   The evaluation team reviewed existing reports on the Training and Development\n                   Program and conducted qualitative research consisting of interviews with HR\n                   staff members, agency employees, managers, and executives.  The evaluation\n                   disclosed that:\n\n                   \xe2\x80\xa2\t Efforts to maintain training documents, track changes, and control current\n                      versions are not consistent across all HR branches. Inconsistent and incom-\n                      plete content management practices and tools have hampered the ability to\n                      manage and control course content. The inability to consistently manage and\n                      control content impacts the ability to provide effective and relevant training\n                      and development programs.\n\n                   \xe2\x80\xa2\t Regional offices have difficulties in scheduling new and current employees\n                      for training. Employees\xe2\x80\x99 inability to schedule training in a timely fashion\n                      has delayed the acquisition of skills needed to perform their jobs and meet\n                      qualification requirements.\n\n                   \xe2\x80\xa2\t HR has limited ability to demonstrate the impact of its Training and Develop-\n                      ment Program on NRC\xe2\x80\x99s mission using current performance measures. Without\n                      effective performance metrics, HR is unable to demonstrate its contribution\n                      to NRC\xe2\x80\x99s mission and risks future support and funding.\n\n                   \xe2\x80\xa2\t Current evaluation strategies are limited in their ability to demonstrate the\n                      effectiveness of training. Without a strategy that standardizes the training\n                      evaluation procedure and metrics, NRC cannot accurately measure and monitor\n                      its achievement of goals.\n\n                   \xe2\x80\xa2\t HR\xe2\x80\x99s continued reliance on the traditional classroom as the primary delivery\n                      method for training is being strained by an increasing number of students as\n                      well as new training needs. HR has not developed an e-learning strategy or\n\n\n12\n                      implementation plan to maximize the benefits of this investment and ensure\n\n\nNRC OIG Semiannual Report\n\x0c    it is meeting the agency\xe2\x80\x99s most pressing training needs. HR staff is strained to\n    meet all of the training needs in the traditional classroom with its current staff\n    and facility resources, but additional funding to support e-learning initiatives\n    may be difficult to obtain without a defined strategy and implementation plan.\n\n\xe2\x80\xa2\t In order to move into other forms of training delivery, HR will need to enhance\n   or supplement the skill sets of its staff. HR staff noted that there are limited\n   skills and resources for the development and deployment of e-learning among\n   the current staff. If NRC plans to implement more e-learning solutions,\n   HR will need to find ways to close the e-learning skill gaps\xe2\x80\x94either through\n   training, hiring, or outsourcing. Attempting to develop effective e-learning\n   programs without the necessary skills can lead to staff frustration and ineffective\n   learning opportunities for employees. (Addresses Management Challenge #8)\n\nAudit of NRC\xe2\x80\x99s Premium Class Travel\n\nOIG Strategic Goal: Corporate Management\n\nNRC is required to follow the Federal Travel Regula-\ntions (FTR) for all travel taken for Government business.\nThe FTR, issued by the General Services Administration,\nimplements statutory and Office of Management and\nBudget (OMB) requirements and policies for most Federal civilian employees and\nothers authorized to travel at the Government\xe2\x80\x99s expense.  OMB\xe2\x80\x99s policy related to\ntravel is that taxpayers should not pay more than necessary to transport Govern-\nment employees and officials. Consistent with this principle, the FTR states that,\nwith limited exceptions, travelers must use coach class accommodations for both\ndomestic and international travel.\n\nThe objectives of the audit were to determine if (1) travel costs associated with\npremium air travel (i.e., per diem) are properly authorized, justified, and documented\nand (2) premium air travel is properly authorized, justified, and documented.\n\nAudit Results:\n\nNRC generally complied with FTR per diem requirements for trips involving\npremium travel during the time period reviewed. Additionally, during this time\nperiod, NRC made significant improvements in processing travel vouchers.\n\n                                                                                                 13\n                                                                        April 1, 2008 \xe2\x80\x93 September 30, 2008\n\x0c                   However, despite Federal and agency policies requiring that premium air travel\n                   be used only when warranted, approximately 50 percent of the premium air\n                   travel taken by NRC employees, between October 1, 2006, and March 31, 2008,\n                   was inappropriately authorized, justified, and/or documented. Additionally,\n                   NRC did not fully comply with OMB guidance with regard to the definition of a\n                   rest period. Further, NRC\xe2\x80\x99s premium travel approval process for the Chairman\xe2\x80\x99s\n                   travel differs from other Federal commissions. These problems occurred because\n                   NRC premium air travel guidance is inconsistent, unclear, and misleading to\n                   employees. The absence of proper controls over the premium air travel program\n                   resulted in NRC overspending approximately $104,000 on unjustified premium\n                   travel during the 18-month period. With improved controls over the process,\n                   NRC would have been able to put these funds to better use. (Addresses Manage-\n                   ment Challenge #7)\n\n                   Audit of NRC\xe2\x80\x99s Enforcement Program\n\n                   OIG Strategic Goal: Safety\n\n                   NRC\xe2\x80\x99s enforcement jurisdiction is drawn from the Atomic Energy Act of 1954,\n                   as amended, and the Energy Reorganization Act of 1974, as amended. In recog-\n                   nition that violations occur in a variety of activities and have varying levels of\n                   significance, the Commission set out to create an enforcement framework with\n                   graduated sanctions to reflect this diversity. The Commission\xe2\x80\x99s first public state-\n                   ment of policy on enforcement (the first Enforcement Policy) was published in\n                   1980. Although the policy statement has changed several times, two goals of\n                   the enforcement program remain unchanged: to emphasize the importance of\n                   compliance with regulatory requirements and to encourage prompt identification\n                   and prompt, comprehensive correction of violations. The enforcement program\n                   is also intended to meet the agency\xe2\x80\x99s performance goals.\n\n                   Violations are identified through inspections and investigations. All violations are\n                   subject to civil enforcement action and may also be subject to criminal prosecu-\n                   tion. After an apparent violation is identified, it is assessed in accordance with the\n                   Commission\xe2\x80\x99s Enforcement Policy. Because the policy statement is not a regula-\n                   tion, the Commission may deviate from the Enforcement Policy as appropriate\n                   under the circumstances of a particular case.\n\n\n\n14\nNRC OIG Semiannual Report\n\x0cThe audit objectives were to determine how NRC assesses the significance of\nviolations and the level of enforcement action to be taken.\n\nAudit Results:\n\nEnforcement is a vital regulatory activity and NRC expects consistent agencywide\nimplementation of its Enforcement Program. However, the agency\xe2\x80\x99s four regional\noffices inconsistently implement the program in ways that can significantly impact\nthe enforcement process. These differences occur because the agency has not\nissued clear and comprehensive guidance\nto facilitate program consistency. Regional                      HOW NRC REGULATES\ninconsistencies in Enforcement Program\nimplementation can leave agency enforce-\nment decisions vulnerable to challenge,                            Regulations and Guidance\n                                                                   \xe2\x80\xa2 Rulemaking\n\npotentially compromising public confidence                         \xe2\x80\xa2 Guidance Development\n                                                                   \xe2\x80\xa2 Generic Communications\n\nin NRC\xe2\x80\x99s Enforcement Program.                                      \xe2\x80\xa2 Standards Development\n\n\n\n\nFurthermore, although NRC staff need                                                                 Licensing,\n                                                     Operational                                  Decommissioning\ncomplete and reliable enforcement infor-\n                                                                       Support for Decisions\n                                                     Experience                                    and Certification\n                                                                        \xe2\x80\xa2 Research Activities\n\nmation for decisionmaking and reporting          \xe2\x80\xa2 Events Assessment\n                                                 \xe2\x80\xa2 Generic Issues\n                                                                        \xe2\x80\xa2 Advisory Activities\n                                                                        \xe2\x80\xa2 Adjudication\n                                                                                                  \xe2\x80\xa2 Licensing\n                                                                                                  \xe2\x80\xa2 Decommissioning\n\npurposes, complete and reliable enforce-                                                          \xe2\x80\xa2 Certification\n\n\nment data is not readily available. Data avail-\nability and reliability issues exist because                                  Oversight\n                                                                     \xe2\x80\xa2 Inspection\nNRC has not (1) defined systematic data                              \xe2\x80\xa2 Performance Assessment\n                                                                     \xe2\x80\xa2 Enforcement\ncollection requirements regarding non-                               \xe2\x80\xa2 Allegations\n                                                                     \xe2\x80\xa2 Investigations\nescalated enforcement activity for other\nthan the reactor program or (2) instituted\na quality assurance process over non-escalated enforcement data used for reporting\npurposes. Without complete and reliable information, enforcement decision-\nmakers cannot ensure appropriate processing of enforcement issues, and staff\nmay miss opportunities to identify precedents or trends that would be useful in\nguiding appropriate enforcement responses. Furthermore, the agency cannot\nensure it is reporting accurately on Enforcement Program activity. (Addresses\nManagement Challenges #1 and #3)\n\n\n\n\n                                                                                                          15\n                                                                              April 1, 2008 \xe2\x80\x93 September 30, 2008\n\x0c                   Independent Evaluation of NRC\xe2\x80\x99s Implementation of the Federal Infor-\n                   mation Security Management Act for Fiscal Year 2008\n\n                   OIG Strategic Goal: Security\n\n                   The Federal Information Security Management Act (FISMA) was enacted on\n                   December 17, 2002. FISMA permanently reauthorized the framework laid out in\n                   the Government Information Security Reform Act, which expired in November\n                   2002. FISMA outlines the information security management requirements for\n                   agencies, including the requirement for an annual review and annual indepen-\n                   dent assessment by agency inspectors general. In addition, FISMA includes new\n                   provisions such as the development of minimum standards for agency systems,\n                   aimed at further strengthening the security of Federal Government information\n                   and information systems. The annual assessments provide agencies with the infor-\n                   mation needed to determine the effectiveness of overall security programs and to\n                   develop strategies and best practices for improving information security.\n\n                   The objectives of this evaluation were to evaluate (1) the adequacy of NRC\xe2\x80\x99s\n                   information security programs and practices for NRC major applications and\n                   general support systems of record for FY 2008, (2) the effectiveness of agency\n                   information security control techniques, and (3) the implementation of NRC\xe2\x80\x99s\n                   corrective action plan created as a result of the 2007 FISMA program review.\n\n                   Evaluation Results:\n\n                   Over the past 6 years, NRC has made improvements to its information system\n                   security program and continues to make progress in implementing the recom-\n                   mendations resulting from previous FISMA evaluations. In order to meet FISMA\n                   requirements as they relate to information technology (IT) security, the Commis-\n                   sion, on November 14, 2007, approved the establishment of the Computer Security\n                   Office.  The new office reports to the Deputy Executive Director for Informa-\n                   tion Services/Chief Information Officer and is headed by the Chief Information\n                   Security Officer.\n\n                   Two significant deficiencies, which were identified in the FY 2007 FISMA inde-\n                   pendent evaluation, were addressed in FY 2008.\n\n\n\n16\nNRC OIG Semiannual Report\n\x0cIn addition to making significant progress on the two significant deficiencies\nidentified in FY 2007, the agency has accomplished the following since the FY\n2007 FISMA independent evaluation:\n\n\xe2\x80\xa2\t All major applications and general support systems have been categorized in\n   accordance with Federal Information Processing Standards Publication 199,\n   Standards for Security Categorization of Federal Information and Information\n   Systems.\n\n\xe2\x80\xa2\t The agency completed annual security control testing for all agency systems\n   and for all contractor systems for which NRC has direct oversight.\n\n\xe2\x80\xa2\t The agency completed or updated security plans for 14 of the agency\xe2\x80\x99s 28\n   operational systems and for all contractor systems for which NRC has direct\n   oversight.\n\n\xe2\x80\xa2\t The agency has made progress in implementing the provisions of OMB\n   Memorandum M-07-16, Safeguarding Against and Responding to the Breach\n   of Personally Identifiable Information (PII).  For example, on September 19,\n   2007, NRC issued the NRC Personally Identifiable Information Breach Policy\n   and the NRC Plan to Eliminate the Unnecessary Collection and Use of Social\n   Security Numbers.\n\nWhile the agency has made significant improvements in its information system\nsecurity program and has made progress in implementing the recommendations\nresulting from previous FISMA evaluations, the independent evaluation identi-\nfied four information system security program weaknesses.\n\n\xe2\x80\xa2\t The NRC inventory does not identify interfaces between systems.\n\n\xe2\x80\xa2\t The quality of the agency\xe2\x80\x99s plans of action and milestones needs improve-\n   ment.\n\n\xe2\x80\xa2\t Not all Windows XP and Vista systems have implemented Federal Desktop\n   Core Configuration security settings.\n\n\xe2\x80\xa2\t The agency lacks procedures for ensuring employees with significant IT\n   security responsibilities receive security training. (Addresses Management\n   Challenge #2)\n\n                                                                                           17\n                                                                  April 1, 2008 \xe2\x80\x93 September 30, 2008\n\x0c                         Audit of NRC\xe2\x80\x99s Laptop Management\n\n                         OIG Strategic Goal: Security\n\n                         The NRC uses more than 1,550 laptop computers in its day-to-day operations.\n                         NRC owns, manages, and maintains approximately 85 percent of this laptop\n                         inventory, or approximately 1,300 laptops.  The Office of Information Services\n                         (OIS), Infrastructure and Computer Operation Division (ICOD), is responsible\n                         for developing and implementing policies, standards, and configurations to maxi-\n                         mize functionality, support, and security for laptops. Within ICOD, the Network\n                         Operations and Customer Services Branch is responsible for asset management\n                         of laptops. Although OIS has responsibility for issuing policies, standards, and\n                         configurations related to agency-owned laptops, individual offices are account-\n                         able for the immediate oversight of their assigned laptops, including management\n                         and maintenance.\n\n                                                                                           Laptops used at NRC are\n             LAPTOPS MISSING SECURITY CONTROLS                                             either (1) connected to the\n                                  (Sample = 49)\n                                                                                           NRC LAN or (2) used as\n                                                                                           standalone systems. Some of\n      Outdated Virus Protection                                                       39\n                                                                                           the laptops are used to process\n    Outdated Operating System                        14                                    safeguards and/or classi-\n            No Warning Banner                                                    33        fied information. These are\n      No PW Protected Scrn Svr                                                   33        considered \xe2\x80\x9clisted systems.\xe2\x80\x9d\nNo Individual Login or Password\n                                                                                           Laptops connected to the\n                                                                            31\n                                                                                           NRC LAN are protected by\n     Unrestricted Admin Rights                                       26\n                                                                                           the LAN\xe2\x80\x99s security controls.\n        Unauthorized Software                  9\n                                                                           A 2005 OIG report noted that\n                                  Number of Laptops that Lacked Security Controls\n                                                                           security controls for stand-\n                                                                           alone personal computers\n                         and laptops that are not used to process safeguards and/or classified informa-\n                         tion are not adequate. Laptops that are not used to process safeguards and/or\n                         classified information are not monitored for compliance with Executive Order\n                         13103, Computer Software Piracy.\n\n                         The audit objectives were to evaluate the effectiveness of NRC\xe2\x80\x99s security policies\n                         for laptop computers.\n\n18\nNRC OIG Semiannual Report\n\x0cAudit Results:\n\nRequired security controls over laptops were lacking in headquarters and each of\ntwo regional offices where OIG surveyed laptops during this audit. These controls\nwere lacking because the agency has not established clear policies and procedures\nto implement and monitor security requirements, especially concerning virus\nprotection and operating system updates for all agency-owned laptop computers.\nAs a result, the agency\xe2\x80\x99s laptops are susceptible to viruses and unauthorized use.\nThis could result in the inadvertent release of sensitive NRC information when\nlaptops are connected to the Internet, or it could pose a threat to the secure\noperation of the agency\xe2\x80\x99s network and information when laptops are connected\nto the NRC LAN. (Addresses Management Challenge #6)\n\nInspector General\xe2\x80\x99s Assessment of the Most Serious Management and\nPerformance Challenges Facing the Nuclear Regulatory Commission\n\nOIG Strategic Goal: Corporate Management\n\nThe Reports Consolidation Act of 2000 requires the Inspector General of each\nFederal agency to summarize annually what he or she considers to be the most\nserious management and performance challenges facing the agency and to assess\nthe agency\xe2\x80\x99s progress in addressing those challenges.\n\nIn accordance with the act, the NRC IG updated what he considers to be the most\nserious management and performance challenges facing NRC. The IG evaluated\nthe overall work of the OIG, the OIG staff \xe2\x80\x99s general knowledge of agency opera-\ntions, and other relevant information to develop and update his list of manage-\nment and performance challenges. As part of the evaluation, OIG staff sought\ninput from NRC\xe2\x80\x99s Chairman, Commissioners, and management on their views\non what challenges the agency is facing and what efforts the agency has taken to\naddress previously identified management and performance challenges.\n\nAssessment Results:\n\nThe IG identified eight challenges that he considers the most serious management\nand performance challenges facing NRC. The challenges identified represent critical\nareas or difficult tasks that warrant high-level NRC management attention.\n\n\n                                                                                               19\n                                                                      April 1, 2008 \xe2\x80\x93 September 30, 2008\n\x0c                   This year\xe2\x80\x99s list of challenges reflects several changes from last year\xe2\x80\x99s list.\n\n                   \xe2\x80\xa2\t Prior challenge 2, Appropriate handling of information, was combined with\n                      prior challenge 7, Communication with external stakeholders throughout NRC\n                      regulatory activities. The consolidation of these challenges resulted in the\n                      following description for new challenge 2: Managing information to balance\n                      security with openness and accountability, which captures the need for both\n                      openness and protection of information.\n\n                   \xe2\x80\xa2\t Prior challenge 3, Development and implementation of a risk-informed and\n                      performance-based regulatory approach, was revised to the current challenge 3\n                      language: Implementation of a risk-informed and performance-based regulatory\n                      approach. This change reflects the relative maturity of NRC\xe2\x80\x99s risk-informed\n                      and performance-based regulatory programs and their advancement beyond\n                      developmental efforts to implementation activities.\n\n                   \xe2\x80\xa2\t Prior challenge 4, Ability to modify regulatory processes to meet a changing\n                      environment, specifically the potential for a nuclear renaissance, was reworded\n                      to more precisely focus on licensing issues. Current challenge 4 now states,\n                      Ability to modify regulatory processes to meet a changing environment, to include\n                      the licensing of new nuclear facilities. Waste issues, formerly covered in chal-\n                      lenge 4, are reflected in a new challenge 5, Oversight of radiological waste.\n\n                   \xe2\x80\xa2\t Prior challenge 5, Implementation of information technology, was reworded\n                      to current challenge 6, Implementation of information technology and infor-\n                      mation security measures to emphasize the need to ensure that information\n                      technology resources use technological solutions for information security\n                      when appropriate.\n\n                   The chart that follows provides an overview of the eight most serious manage-\n                   ment and performance challenges as of September 30, 2008.\n\n\n\n\n20\nNRC OIG Semiannual Report\n\x0c                     Most Serious Management and Performance Challenges\n                          Facing the Nuclear Regulatory Commission*\n                                    as of September 30, 2008\n                             (as identified by the Inspector General)\n\n  Challenge 1\t Protection of nuclear material used for civilian purposes.\n\n  Challenge 2\t Managing information to balance security with openness and accountability.\n\n  Challenge 3\t Implementation of a risk-informed and performance-based regulatory approach.\n\n  Challenge 4\t Ability to modify regulatory processes to meet a changing environment,\n  \t            to include the licensing of new nuclear facilities.\n\n  Challenge 5\t Oversight of radiological waste.\n\n  Challenge 6\t Implementation of information technology and information security measures.\n\n  Challenge 7\t Administration of all aspects of financial management.\n\n  Challenge 8\t Managing human capital.\n\n  *The most serious management and performance challenges are not ranked in any order\n  of importance.\n\nThe eight challenges contained in this report are distinct, yet interdependent\nrelative to the accomplishment of NRC\xe2\x80\x99s mission.  For example, the challenge of\nmanaging human capital affects all other management and performance chal-\nlenges.\n\nThe agency\xe2\x80\x99s continued progress in taking actions to address the challenges presented\nshould facilitate successfully achieving the agency\xe2\x80\x99s mission and goals.\n\n\n\n\n                                                                                                21\n                                                                       April 1, 2008 \xe2\x80\x93 September 30, 2008\n\x0c                   AUDITS IN PROGRESS\n                   Audit of NRC\xe2\x80\x99s Agreement State Program\n\n                   OIG Strategic Goal: Safety\n\n                   In accordance with Section 274 of the Atomic Energy Act, NRC relinquished to\n                   35 States its authority to regulate certain byproduct material. The States must\n                   demonstrate that their regulatory programs are compatible with NRC\xe2\x80\x99s program\n                   and adequate to protect public health and safety. The 35 States, which have\n                   entered into an agreement assuming this regulatory authority from NRC, are\n                   called Agreement States.\n\n                   NRC and the Agreement States are responsible for ensuring the adequate protection\n                   of public health and safety in the uses of Atomic Energy Act materials. Accord-\n                   ingly, NRC and Agreement State programs must possess the requisite supporting\n                   legislative authority, implementing organization structure and procedures, and\n                   financial and human resources to effectively administer a radiation control program\n                   that ensures adequate protection of public health and safety.\n\n                   NRC\xe2\x80\x99s policy is to evaluate the NRC regional materials programs and Agreement\n                   State radiation control programs in an integrated manner, using common and\n                   non-common performance indicators, to ensure that public health and safety is\n                   adequately protected. As a result, NRC implemented the Integrated Materials\n                   Performance Evaluation Program (IMPEP) to evaluate the regional materials and\n                   Agreement State programs.  Using IMPEP, under normal circumstances, NRC\n                   evaluates these programs every 4 years.\n\n                   This audit will assess NRC\xe2\x80\x99s oversight of the adequacy and effectiveness of Agree-\n                   ment State programs. (Addresses Management Challenge #4)2\n\n\n\n\n                   2\n                     This and the management challenge references on the following pages are those identified for\n                   Fiscal Year 2008.\n\n\n22\nNRC OIG Semiannual Report\n\x0cAudit of the Committee to Review Generic Requirements\xe2\x80\x99 Role in\nGeneric Backfit Reviews\n\nOIG Strategic Goal: Safety\n\nThe Committee to Review Generic Requirements (CRGR) was established to\nensure that proposed generic backfits to be imposed on power reactors and/or\nselected nuclear materials facilities licensed by the NRC are appropriately justified\nbased on backfit provisions of applicable NRC regulations and the Commission\xe2\x80\x99s\nbackfit policy.  As an advisory committee to NRC\xe2\x80\x99s Executive Director for Opera-\ntions, the CRGR\xe2\x80\x99s primary responsibilities are to recommend either approval or\ndisapproval of the staff proposals and to provide guidance and assistance to the\nNRC program offices to help them implement the Commission\xe2\x80\x99s backfit policy.\n\nThe CRGR provides an annual report to the Commission describing its previous\nyear of activities and decisions regarding the various topics that came before the\nCRGR for review. As an additional responsibility, the CRGR is to review the\nNRC\xe2\x80\x99s administrative generic backfit controls to determine if the controls are\nsufficient and staff guidance is comprehensive and clear.\n\nThe objectives of this audit are to determine if CRGR reviews adds value for\nExecutive Director for Operations decisionmaking purposes, and if the CRGR\xe2\x80\x99s\nfunction is still valid. (Addresses Management Challenges #1 and #4)\n\nAudit of National Source Tracking System Development\n\nOIG Strategic Goal: Security\n\nPursuant to the Energy Policy Act of 2005, NRC is required to establish a mandatory\ntracking system for radiation sources in the United States.  The act requires that the\nsystem be able to identify each radiation source by serial number or other unique\nidentifier; report within 7 days of any change of possession of a radiation source;\nreport within 24 hours of any loss of control of or accountability for a radiation\nsource; and provide for reporting through a secure Internet connection.\n\nAdditionally, the system is designed to be a national, comprehensive resource that\nincludes Category 1 and 2 sources held by NRC and Agreement State licensees\nand by the Department of Energy. As a result, the National Source Tracking\n\n\n                                                                                                 23\n                                                                        April 1, 2008 \xe2\x80\x93 September 30, 2008\n\x0c                   System is being developed for licensee reporting on sealed sources containing\n                   nuclear materials. The system will provide online tracking of individual sources\n                   throughout their lifecycle.\n\n                   The audit objective is to assess the effectiveness of the system development effort\n                   and assess the delays being encountered. (Addresses Management Challenge #1)\n\n                                    Audit of NRC\xe2\x80\x99s Occupant Emergency Program\n\n                                    OIG Strategic Goal: Security\n\n                                    Federal regulations require the development of an Occupant\n                                    Emergency Plan (OEP) to reduce the possibility of personal injury\n                                    and facility damage in the event of an emergency. OEPs describe\n                                    the actions that occupants should take to ensure their safety if a\n                                    fire or other emergency situation occurs. These plans reduce the\n                                    threat to personnel, property, and other assets within the facility\n                                    in the event of an incident inside or immediately surrounding\n                                    a facility by providing facility-specific response procedures for\n                                    occupants to follow.\n\n                                    The Department of Homeland Security published Federal Conti-\n                                    nuity Directive-1 outlining the requirements agencies must fulfill\n                   in developing emergency response plans.  In addition, the U.S. General Services\n                   Administration Occupant Emergency Program Guide was prepared to assist agen-\n                   cies with their emergency planning.\n\n                   The objective is to evaluate the extent to which NRC\xe2\x80\x99s OEP complies with Federal\n                   regulations. (Addresses Management Challenge #6)\n\n                   Audit of NRC\xe2\x80\x99s FY 2008 Financial Statements\n\n                   OIG Strategic Goal: Corporate Management\n\n                   Under the Chief Financial Officers Act and the Government Management and\n                   Reform Act, OIG is required to audit the financial statements of the NRC. OIG\n                   is auditing NRC\xe2\x80\x99s financial statements in accordance with applicable auditing\n                   standards.  The audit will express an opinion on the agency\xe2\x80\x99s financial statements,\n\n\n24\nNRC OIG Semiannual Report\n\x0cevaluate internal controls, review compliance with applicable laws and regula-\ntions, review the performance measures for compliance with OMB guidance,\nand review the controls in NRC\xe2\x80\x99s computer systems that are significant to the\nfinancial statements. In addition, OIG will measure the agency\xe2\x80\x99s improvements\nby assessing corrective action taken on prior audit findings. (Addresses Manage-\nment Challenge #7)\n\nAudit of NRC\xe2\x80\x99s Warehouse Operations\n\nOIG Strategic Goal: Corporate Management\n\nNRC policy requires the effective and efficient management of property, including\nsufficient controls to deter or prevent loss through fraud, waste, or misuse. NRC\nmaintains two warehouses in separate locations from headquarters. These ware-\nhouses receive, store, and deliver property, equipment, and supplies needed for\nNRC operations. The primary type of property stored in the warehouses is systems\nfurniture, used to construct office workstations. In addition, warehouse staff play\na key role in the abandonment of excess property.  As of July 2008, the warehouses\ncontained approximately 15,000 pieces of property with an acquisition cost of\napproximately $4.2 million.\n\nThe audit objective is to determine whether NRC has established and implemented\nan effective system of internal controls for maintaining accountability and control\nof warehouse property. (Addresses Management Challenge #7)\n\n\n\n\n                                                                                               25\n                                                                      April 1, 2008 \xe2\x80\x93 September 30, 2008\n\x0cINVESTIGATIONS\n                   During this reporting period, OIG received 83 allegations, initiated 17 investigations,\n                   and closed 31 cases. In addition, the OIG made 25 referrals to NRC management\n                   and 8 to the Department of Justice.\n\n                   INVESTIGATIVE CASE SUMMARIES\n                   NRC Contractor Soliciting Employment From Applicant During Audit\n                   Review\n\n                   OIG Strategic Goal: Corporate Management\n\n                   OIG completed an investigation into claims by an NRC applicant who had\n                   submitted a request for a design certification for a new boiling water reactor.\n                   The applicant alleged that during an NRC audit of the applicant\xe2\x80\x99s software quality\n                   assurance program, an NRC audit contractor attempted to solicit work from the\n                   applicant.\n\n                   OIG learned that during a meeting between the NRC, the audit contractor,\n                   and applicant personnel, problems were identified with the applicant\xe2\x80\x99s software\n                   program and, as a result, the NRC audit contractor made critical comments\n                   about the applicant\xe2\x80\x99s program. The contractor provided the applicant personnel\n                   with his business cards and recommended that they consult with experts in the\n                   software modeling field to help with their software development. The applicant\n                   personnel felt these comments were derogatory and inappropriate because the\n                   NRC contractor was in a position to influence the NRC\xe2\x80\x99s opinion of the software\n                   program. Nevertheless, the applicant personnel acknowledged they were unsure\n                   whether these comments were in fact an attempt to solicit work. In addition,\n                   NRC staff who attended the meeting did not believe that the NRC contractor had\n                   attempted to solicit work from applicant personnel.\n\n                   OIG determined that the NRC audit contractor was critical of the software program\n                   and that he provided the applicant personnel his business card and suggested\n                   they consult with experts in the software modeling field to help with their soft-\n                   ware development.  However, OIG also determined that these industry experts\n                   referenced by the contractor are longstanding professors at major universities\n                   and that there was no connection between the NRC audit contractor and the\n                   industry experts he recommended to the applicant personnel during the audit.  \n                   (Addresses Management Challenge #1)\n\n26\nNRC OIG Semiannual Report\n\x0cFalse Claims of Small Business Entity Status By NRC Licensees\n\nOIG Strategic Goal: Corporate Management\n\nOIG completed two separate investigations involving NRC material licensees\nthat submitted false claims of small business entity status. Licensees that certify\nthemselves as small business entities are eligible to receive reduced material license\nfees.\n\nNRC requires companies seeking small business entity status to complete NRC\nForm 526 as part of the qualification process. Form 526 states that companies\nwith 35 to 500 employees or between $350,000 and $6,000,000 in annual revenue\nare eligible for a reduced material license fee of $2,300; companies with fewer than\n35 employees or annual revenue of less than $350,000 are eligible for a reduced\nmaterial license fee of $500. NRC Form 526 also states that licensees that are\nsubsidiaries of larger entities, including foreign entities, do not qualify as small\nbusiness entities if the aggregate totals of the parent company are not within the\nguidelines of NRC Form 526.\n\nOIG determined that one company applied and received small business entity\nstatus from the NRC for FY 2004 through FY 2007, which allowed the company\nto pay a reduced material license fee of $2,300 during those years. However,\nthe company was a subsidiary of a much larger company that employed more\nthan 28,000 people, which made the company ineligible for the reduced fee.\nThe company applied for the small business entity status based on the number\nof employees working for the subsidiary only. In addition, the company did\nnot receive sufficient guidance from the NRC concerning its eligibility for small\nbusiness entity status. The company reimbursed NRC $21,700 for the unpaid\nportion of the full license fees.\n\nOIG determined that another company was a subsidiary of an overseas company\nwith revenue and number of employees that exceeded the guidelines used to\ncertify small business entity status. The company certified its small business\nentity status for FY 2006 and FY 2007, which allowed the company to pay a\nreduced material license fee during those years even though, as a subsidiary, the\ncompany was ineligible for the reduced material license fee. However, during\nFY 2005, the company was eligible and received small business entity status.\nThe company\xe2\x80\x99s status changed in early FY 2006 when it was acquired by a larger\ncompany. Furthermore, the company did not receive sufficient guidance from\n                                                                                                 27\n                                                                        April 1, 2008 \xe2\x80\x93 September 30, 2008\n\x0c                   the NRC concerning its eligibility for small business entity status. The company\n                   reimbursed NRC $18,200 for the unpaid portion of the full license fee. (Addresses\n                   Management Challenge #6)\n\n                   NRC Staff Review of License Renewal Applications\n\n                   OIG Strategic Goal: Safety\n\n                   OIG completed an investigation into concerns raised regarding the extent of the\n                   NRC staff review of license renewal applications. These concerns were raised by\n                   an OIG audit report3 issued in September 2007. The OIG audit report identified\n                   cases where documents prepared by NRC contained nearly word-for-word repeti-\n                   tion of a licensee\xe2\x80\x99s renewal application text without attribution to the applicant.  \n                   The audit noted that this practice made it difficult for a reader to distinguish\n                   between information submitted by the applicant and information prepared by\n                   NRC to support its independent assessment and conclusion. The audit noted\n                   that this reporting technique could cast doubt as to exactly what NRC did to\n                   independently review an applicant\xe2\x80\x99s license renewal application.\n\n                   To address the concerns raised by the audit, OIG investigated the NRC staff\n                   preparation of license renewal Safety Evaluation Reports (SER) for four nuclear\n                   plants. The OIG review included interviews and reviews of documents relevant\n                   to NRC\xe2\x80\x99s assessment of license renewal applications for the four nuclear plants.\n                   OIG\xe2\x80\x99s review focused on two Aging Management Programs (AMP) for each plant.\n                   AMPs demonstrate that the effects of aging will be adequately managed by the\n                   licensee so that the intended function(s) will be maintained consistent with the\n                   current licensing basis for the period of extended operation.\n\n                   The NRC safety review process includes technical reviews performed in head-\n                   quarters and onsite audits. Individual staff from Office of Nuclear Reactor Regu-\n                   lation (NRR) engineering divisions in headquarters conduct technical reviews of\n                   plant-specific AMPs and other unresolved or emergent issues. These individuals\n                   review specific sections of the renewal application based on their area of exper-\n                   tise. Teams from the Division of License Renewal, NRR, perform onsite audits\n                   of supporting documentation for AMPs. The results of these NRC staff reviews\n                   are documented in a SER.\n\n\n\n28\n                   3\n                       Audit of NRC\xe2\x80\x99s License Renewal Program, OIG-07-A-15, September 6, 2007\n\n\n\nNRC OIG Semiannual Report\n\x0cOIG determined that professional judgment was used to establish the extent of the\nstaff \xe2\x80\x99s review of applicant documents and the number and nature of questions posed\nby NRC to the applicant staff. NRC reviewers prepared working papers, including\nchecklists, during the audits that reflected the specific documents reviewed. The\nNRR audit team working papers included notes from these document reviews\nand additional information supplied by applicant staff. The reviewers used these\nworking papers during and following the onsite audit to prepare their formal\ninput for an audit report, which was used as input to the SER.\n\nNRC work hour data reviewed by OIG indicated that significant numbers of hours\nwere used by the NRC staff in the review of these four license renewal applications.\nThe NRR audit reports prepared by NRR staff also listed a number of applicant\ndocuments that were reviewed during these license renewal reviews.\n\nOIG determined that SERs are summary in nature as are the NRR audit reports.\nThese audit reports contain the documented description of the NRC on site review\nof AMPs and provide support for the SERs. However, OIG learned that the staff\ndoes not preserve copies of all applicant documents reviewed during the onsite\naudits, and the staff does not preserve their own audit working papers as perma-\nnent records which made it difficult to verify specific details of the agency\xe2\x80\x99s onsite\nreview activities. (Addresses Management Challenges #3 and #4)\n\nNRC\xe2\x80\x99s Handling of Security Related Allegation\n\nOIG Strategic Goal: Security\n\nOIG completed an Event Inquiry in response to concerns that NRC staff mishandled\na security related allegation pertaining to inattentive security officers at the Peach\nBottom Atomic Power Station (Peach Bottom). This inquiry was undertaken in\nresponse to information provided to OIG in a September 2007 letter from the\nProject on Government Oversight (POGO) describing a pattern of on-duty secu-\nrity officer fatigue and inattentiveness at Peach Bottom. Peach Bottom is owned\nby Exelon, which holds the NRC license for the plant.  At the time of alleged\ninattentiveness by security officers, The Wackenhut Corporation provided the\nsecurity services for the plant.\n\nIn support of its concern, POGO provided OIG a copy of an undated letter post-\nmarked March 20, 2007, that had been given to POGO by a former security manager\n\n                                                                                                 29\n                                                                        April 1, 2008 \xe2\x80\x93 September 30, 2008\n\x0c                   for The Wackenhut Corporation. The March letter claimed that Peach Bottom\n                   security officers were fatigued from working excessive overtime or 12-hour shifts\n                   and would cover for each other so they could take naps of 10 minutes or more\n                   during shifts. The letter also indicated that (1) past efforts by NRC to identify\n                   personnel sleeping on duty had failed, (2) NRC and Exelon were aware that officers\n                   were sleeping while on duty, and (3) security officers feared Exelon management\n                   retaliation for raising safety concerns. This letter had been provided to the NRC\n                   resident inspector at Peach Bottom in March 2007, and at that time the concerns\n                   it relayed were evaluated under NRC\xe2\x80\x99s allegation management program by the\n                   NRC\xe2\x80\x99s Region I office, which provides regulatory oversight for Peach Bottom.\n\n                   OIG learned that in handling this allegation, Region I opted to refer the concerns\n                   to Exelon in a April 30, 2007, letter for evaluation.  Exelon\xe2\x80\x99s review, documented\n                   in a May 30, 2007, assessment report, did not substantiate the concerns. Region I\n                   concurred with Exelon\xe2\x80\x99s assessment and in August 2007 closed the Peach Bottom\n                   allegation file as unsubstantiated.\n\n                   In September 2007, just prior to OIG\xe2\x80\x99s receipt of POGO\xe2\x80\x99s letter, the WCBS news\n                   station in New York provided a videotape to NRC Region I that depicted inatten-\n                   tive security officers on duty at Peach Bottom. The videotape was broadcast on\n                   national television and resulted in considerable congressional and public concern.\n                   NRC did not refer this allegation to Exelon for review, but instead convened a\n                   special NRC inspection team to review the concern, which was substantiated.\n\n                   OIG determined that Region I was inconsistent in its assessment of the safety\n                   significance of the two allegations, made within 6 months of each other, conveying\n                   similar concerns about inattentive security officers at Peach Bottom. OIG also\n                   determined that in referring the Peach Bottom security concerns to Exelon, Region\n                   I staff did not follow NRC guidance that allegations against licensee management\n                   should not be referred. Two of the three concerns \xe2\x80\x93 officers feared retaliation\n                   from Exelon management for raising safety concerns and Exelon management\n                   was aware that officers were inattentive on duty but had not taken proper actions\n                   to address the inattentiveness \xe2\x80\x93 fall into this category.\n\n                   OIG also determined that, in conjunction with referring the March 2007 concerns\n                   to Exelon for evaluation, Region I could have taken the following steps:\n\n\n30\nNRC OIG Semiannual Report\n\x0c\xe2\x80\xa2\t Contacted the former Wackenhut security manager to obtain additional\n   information because the Region I staff believed the alleger\xe2\x80\x99s letter lacked\n   specificity.\n\n\xe2\x80\xa2\t Provided more detailed information to Exelon pertaining to the March 2007\n   security concerns.  Specifically, in its April 30, 2007, letter to Exelon, Region\n   I could have informed Exelon that security officers were coordinating with\n   each other or waking each other up to respond to radio checks. They also\n   could have conveyed the alleger\xe2\x80\x99s suggestion to monitor the plant personnel\n   staging areas.\n\n\xe2\x80\xa2\t Provided the March 2007 concerns to the NRC resident inspectors assigned\n   to Peach Bottom for increased monitoring of security officer activities.\n\n\xe2\x80\xa2\t Tasked the Region I security inspectors to look into the matter during their\n   scheduled security inspection conducted at Peach Bottom from April 30 to\n   May 4, 2007.\n\nFurthermore, OIG determined that NRC staff did not probe or attempt to verify the\ninformation provided by Exelon in its May 30, 2007, assessment report. (Addresses\nManagement Challenge #1)\n\nImproper Direction by NRC Staff During a Force-\non-Force Exercise at Sequoyah\n\nOIG Strategic Goal: Security\n\nOIG conducted an investigation into concerns that NRC\nstaff may have assisted or redirected a composite adversary\nforce (CAF) during a force-on-force (FOF) security training\nexercise at Sequoyah Nuclear Power Plant (Sequoyah), which\naffected the outcome of the exercise.  FOF exercises are used\nby NRC to evaluate security programs at nuclear power\nplants.  During an FOF exercise, the CAF, which is a mock Force-on-force security training exercise.\nadversary force, is used to infiltrate a facility and then simu-\nlate damaging key safety systems and components that protect the nuclear power\nplant. The plant\xe2\x80\x99s security force, in turn, seeks to stop the CAF from damaging\n\n\n                                                                                                31\n                                                                       April 1, 2008 \xe2\x80\x93 September 30, 2008\n\x0c                   the plant\xe2\x80\x99s equipment. A controller is assigned to each CAF member to ensure\n                   that the exercise scenarios are conducted safely and that all players are following\n                   the rules of engagement.\n\n                   OIG learned that an NRC staff member accompanied the CAF during the FOF\n                   exercise at Sequoyah from the time the CAF entered the plant\xe2\x80\x99s perimeter until\n                   the completion of the exercise.  After CAF members reached the plant\xe2\x80\x99s auxiliary\n                   building, they breached the wrong door. According to the lead CAF controller,\n                   CAF members overheard a conversation he had with the NRC staff member\n                   regarding the fact that the wrong door had been breached, which allowed the\n                   CAF to use this information to successfully complete the mission.\n\n                   OIG determined that CAF members did not improperly receive any help or guid-\n                   ance from any NRC staff member. Further, the CAF members did not witness\n                   any gestures by any NRC staff member that would have unintentionally given\n                   them information to successfully complete the mission, nor did they overhear any\n                   conversation between any NRC staff member and the lead CAF controller. Rather,\n                   CAF members determined on their own that they had breached the wrong door\n                   and that their only other option was to breach the one remaining door within\n                   the room. (Addresses Management Challenge #1)\n\n\n\n\n32\nNRC OIG Semiannual Report\n\x0cSTATISTICAL SUMMARY OF\nOIG ACCOMPLISHMENTS\nINVESTIGATIVE STATISTICS\nSource of Allegations \xe2\x80\x94 April 1, 2008, through September 30, 2008\n\n                          NRC Employee                                               15\n                      NRC Management                                         12\n            Other Government Agency                    2\n                                Intervenor             2\n                           General Public                                                 17\n               OIG Investigation/Audit                                               15\n                     Regulated Industry                    3\n                             Anonymous                                    11\n                           Congressional                   3\n                                     Media                 3\n\n\n            Allegations resulting from Hotline calls: 25                             Total: 83\n\n\nDisposition of Allegations \xe2\x80\x94 April 1, 2008, through September 30, 2008\n\n                                      Total                                               83\n                Closed Administratively                              33\n          Referred for OIG Investigation                   17\n  Referred to NRC Management and Staff                          25\n            Referred to External Agency        1\n              Pending Review or Action          3\n             Correlated to Existing Case           4\n\n\n\n\n                                                                                                   33\n                                                                          April 1, 2008 \xe2\x80\x93 September 30, 2008\n\x0c                   Status of Investigations\n\n                   DOJ Referrals . .................................................................................................... 8\n                   DOJ Pending (from a prior period).................................................................. 1\n                   DOJ Declinations ............................................................................................... 7\n                   DOJ Accepted ..................................................................................................... 1\n                   NRC Administrative Actions:\n                   \t Terminations and Resignations ................................................................. 1\n                   \t Suspensions and Demotions ...................................................................... 2\n                   \t Counseling . .................................................................................................. 1\n                   \t Recoveries ..........................................................................................$39,900\n\n\n                   Summary of Investigations\n                   Classification of \t\t           Opened \t Closed \t Cases In\n                   Investigations\t     Carryover\t Cases\t   Cases\t Progress\n\n                   Conflict of Interest\t                      1\t                                     0\t              0\t              1\n                   Internal Fraud\t                            1\t                                     0\t              1\t              0\n                   External Fraud\t                            6\t                                     1\t              3\t              4\n                   \tFalse Statements\t                         0\t                                     2\t              1\t              1\n                    \tMisuse of Government Property\t           5\t                                     3\t              6\t              2\n                     \tEmployee Misconduct\t                    3\t                                     6\t              2\t              7\n                      \tManagement Misconduct\t                 3\t                                     1\t              3\t              1\n                       Mishandling of Technical Allegations/\n                       \t\t Miscellaneous\t                     12\t                                    3\t              7\t              8\n                       Proactive Initiatives\t                 5\t                                    1\t              4\t              2\n                       Project\t                              10\t                                    0\t              3\t              7\n                       Event Inquiries\t                       2\t                                    0\t              1\t              1\n                       \t\t\t Total Investigations\t             48\t                                   17\t             31\t             34\n\n\n\n\n34\nNRC OIG Semiannual Report\n\x0cAUDIT LISTINGS\nInternal Program Audit and Special Evaluation Reports\n\nDate\t         Title\t                                          Audit Number\n\n09/30/2008\t   Inspector General\xe2\x80\x99s Assessment of the Most \t    OIG-08-A-20\n\t             Serious Management and Performance\n\t             Challenges Facing the Nuclear\n\t             Regulatory Commission\n\n09/30/2008\t   Audit of NRC\xe2\x80\x99s Laptop Management \t              OIG-08-A-19\n\n09/30/2008\t   Independent Evaluation of NRC\xe2\x80\x99s\n\t             Implementation of the Federal Information\n\t             Security Management Act for Fiscal Year 2008\t   OIG-08-A-18\n\n09/30/2008\t   Audit of NRC\xe2\x80\x99s Enforcement Program\t             OIG-08-A-17\n\n09/15/2008\t   Audit of NRC\xe2\x80\x99s Premium Class Travel \t           OIG-08-A-16\n\n09/09/2008\t   Memorandum Report: Audit of the\n\t             Nuclear Regulatory Commission\xe2\x80\x99s Use of\n\t             Reemployed Annuitants\t                          OIG-08-A-15\n\n07/18/2008\t   Audit of NRC\xe2\x80\x99s Control Over the Process\n\t             for Eliminating Management Directives\t          OIG-08-A-14\n\n07/16/2008\t   Evaluation of NRC\xe2\x80\x99s Training and\n\t             Development Program\t                            OIG-08-A-13\n\n07/15/2008\t   Audit of the Nuclear Regulatory\n\t             Commission\xe2\x80\x99s USAID-Funded Activities\t           OIG-08-A-12\n\n06/17/2008\t   Audit of NRC\xe2\x80\x99s Accounting and Control\n\t             Over Time and Labor Reporting\t                  OIG-08-A-11\n\n05/21/2008\t   Audit of NRC Continuity of Operations Plan\t     OIG-08-A-10\n\n\n                                                                                         35\n                                                                April 1, 2008 \xe2\x80\x93 September 30, 2008\n\x0c                   Contract Audit Reports\n\n                   OIG\t          Contractor/\t              Questioned\t   Unsupported\n                   Issue Date\t   Contract Number\t            Costs\t         Costs\n\n                   06/25/08\t     Beckman and Associates\t       0\t             0\n                   \t             NRC-03-03-037\n\n                   06/25/08\t     Hummer Whole Health \t      $53,004\t          0\n                   \t             Management\t\n                   \t             NRC-38-05-366\n\n\n\n\n36\nNRC OIG Semiannual Report\n\x0cAUDIT RESOLUTION ACTIVITIES\nTABLE I\nOIG Reports Containing Questioned Costs4\nApril 1, 2008, through September 30, 2008\n\t                                            \t                                               Questioned\t             Unsupported\n\t                                        Number of\t                                             Costs\t                  Costs\nReports\t                                  Reports\t                                            (Dollars)\t              (Dollars)\n\nA.\t    For which no management decision\n       had been made by the commencement\n       of the reporting period\t                                           0\t                         0\t                      0\n\nB.\t    Which were issued during the\n       reporting period\t                                                  1\t                    $53,004\t                     0\n\n\t      Subtotal (A + B)\t                                                  1\t                    $53,004\t                     0\n\nC.\t    For which a management decision was\n       made during the reporting period:\n\n\t      (i) \t dollar value of disallowed costs\t                            0\t                         0\t                      0\n\n\t      (ii)\t dollar value of costs not disallowed\t                        0\t                         0\t                      0\n\nD.\t    For which no management decision\n       had been made by the end of the\n       reporting period\t                                                  1\t                    $53,004\t                     0\n\nE.\t    For which no management decision was\n       made within 6 months of issuance\t                                  0\t                         0\t                      0\n\n4\n Questioned costs are costs that are questioned by the OIG because of an alleged violation of a provision of a law, regulation, contract,\ngrant, cooperative agreement, or other agreement or document governing the expenditure of funds; a finding that, at the time of the\naudit, such costs are not supported by adequate documentation; or a finding that the expenditure of funds for the intended purpose\nis unnecessary or unreasonable.\n\n\n\n\n                                                                                                                              37\n                                                                                             April 1, 2008 \xe2\x80\x93 September 30, 2008\n\x0c          TABLE II\n          OIG Reports Issued with Recommendations That Funds Be Put to Better Use5\n\n          \t                                                                    Number of\t            Dollar Value\n          Reports\t                                                              Reports\t              of Funds\n\n          A.\t    For which no management decision\t 0\t 0\n                 had been made by the commencement\n                 of the reporting period\t\t\t\n\n          B.\t    Which were issued during the \t 1\t                                                      $104,000\n                 reporting period\t\t\n\n          C.\t    For which a management decision was\t\n                 made during the reporting period:\t\t\n\n          \t          (i) \t dollar value of recommendations\t                          0\t                      0\n                 \t         that were agreed to by management\n\n          \t       (ii) \tdollar value of recommendations \t                            0\t                      0\n                  \t that were not agreed to by management\n\n          D.\t    For which no management decision had\t                               1\t                 $104,000\n                 been made by the end of the reporting\n                 period\n\n          E.\t    For which no management decision was\t 0\t 0\n                 made within 6 months of issuance\t\t\t\t\n\n\n\n          5\n           A \xe2\x80\x9crecommendation that funds be put to better use\xe2\x80\x9d is a recommendation by the OIG that funds could be\n          used more efficiently if NRC management took actions to implement and complete the recommendation,\n          including: reductions in outlays; deobligation of funds from programs or operations; withdrawal of\n          interest subsidy costs on loans or loan guarantees, insurance, or bonds; costs not incurred by implementing\n          recommended improvements related to the operations of NRC, a contractor, or a grantee; avoidance of\n          unnecessary expenditures noted in preaward reviews of contract or grant agreements; or any other savings which are\n          specifically identified.\n\n\n38\nNRC OIG Semiannual Report\n\x0cTABLE III\nSignificant Recommendations Described in Previous Semiannual Reports on\nWhich Corrective Action Has Not Been Completed\n\nDate\t       Report Title\t                                                    Number\n\n05/26/03\t   Audit of NRC\xe2\x80\x99s Regulatory Oversight of Special \t              OIG-03-A-15\n\t           Nuclear Materials\n\n\t           Recommendation 1: Conduct periodic inspections to\n\t           verify that material licensees comply with material\n\t           control and accountability (MC&A) requirements,\n\t           including, but not limited to, visual inspections of\n\t           licensees\xe2\x80\x99 special nuclear material (SNM) inventories\n\t           and validation of reported information.\t\t\n\n03/16/06\t   Audit of the NRC\xe2\x80\x99s Byproduct Materials License \t              OIG-06-A-11\n\t           Application and Review Process\n\n\t           Recommendation 2: Modify the license application and\n\t           review process to mitigate the risks identified in the\n\t           vulnerability assessment.\n\n09/26/06\t   Evaluation of NRC\xe2\x80\x99s Use of Probabilistic Risk Assessment \t    OIG-06-A-24\n\t           in Regulating the Commercial Nuclear Power Industry\n\n\t           Recommendation 3: Conduct a full verification and\n\t           validation of SAPHIRE version 7.2 and GEM.\n\n\n\n\n                                                                                           39\n                                                                  April 1, 2008 \xe2\x80\x93 September 30, 2008\n\x0cABBREVIATIONS AND ACRONYMS\n                   AMP\t     Aging Management Programs\n                   CAF\t     composite adversary force\n                   CRGR\t    Committee to Review Generic Requirements\n                   FISMA\t   Federal Information Security Management Act\n                   FLETC\t   Federal Law Enforcement Training Center\n                   FOF\t     force-on-force\n                   FSA\t     Freedom Support Act\n                   FTR\t     Federal Travel Requlations\n                   FY\t      Fiscal Year\n                   GIP\t     Generic Issues Program\n                   HR\t      Office of Human Resources (NRC)\n                   IAM\t     Issue Area Monitor\n                   ICOD\t    Infrastructure and Computer Operating Division (NRC)\n                   IG\t      Inspector General\n                   IMPEP\t   Integrated Materials Performance Evaluation Program\n                   IT\t      information technology\n                   LAN\t     local area network\n                   MD\t      Management Directive\n                   NRC\t     U.S. Nuclear Regulatory Commission\n                   NRR\t     Office of Nuclear Reactor Regulation (NRC)\n                   OEP\t     Occupant Emergency Plan\n                   OIS\t     Office of Information Services (NRC)\n                   OIG\t     Office of the Inspector General (NRC)\n                   OMB\t     Office of Management and Budget\n                   POGO\t    Project on Government Oversight\n                   SER\t     Safety Evaluation Reports\n                   USAID\t   U.S. Agency for International Development\n\n40\nNRC OIG Semiannual Report\n\x0c                               REPORTING REQUIREMENTS\nThe Inspector General Act of 1978, as amended (1988), specifies reporting require-\nments for semiannual reports.  This index cross-references those requirements\nto the applicable pages where they are fulfilled in this report.\n\n\nCITATION\t               REPORTING REQUIREMENTS\t                                                  PAGE\n\nSection 4(a)(2)\t        Review of Legislation and Regulations . ...............................5-7\n\nSection 5(a)(1)\t        Significant Problems, Abuses, and Deficiencies . .....10-21, 26-32\n\nSection 5(a)(2) \t Recommendations for Corrective Action ........................10-21\n\nSection 5(a)(3) \t Prior Significant Recommendations\n\t                 Not Yet Completed . ................................................................. 39\n\nSection 5(a)(4) \t Matters Referred to Prosecutive Authorities ........................ 34\n\nSection 5(a)(5) \t Information or Assistance Refused . ................................. None\n\nSection 5(a)(6) \t Listing of Audit Reports .......................................................... 35\n\nSection 5(a)(7) \t Summary of Significant Reports ...........................10-21, 26-32\n\nSection 5(a)(8) \t Audit Reports \xe2\x80\x94 Questioned Costs ..................................... 37\n\nSection 5(a)(9)  \t Audit Reports \xe2\x80\x94 Funds Put to Better Use ............................ 38\n\nSection 5(a)(10) \t Audit Reports Issued Before Commencement\n\t                  of the Reporting Period for Which No\n\t                  Management Decision Has Been Made ........................... None\n\nSection 5(a)(11) \t Significant Revised Management Decisions .................... None\n\nSection 5(a)(12) \t Significant Management Decisions With\n\t                  Which OIG Disagreed ........................................................ None\n\n\n\n\n                                                                                                                  41\n                                                                                         April 1, 2008 \xe2\x80\x93 September 30, 2008\n\x0c42                          Transport of Dry Cask Spent Fuel Storage Container\n\nNRC OIG Semiannual Report\n\x0c\x0c\x0c'